From owner-freebsd-security  Wed Aug 19 19:59:55 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA28264
          for freebsd-security-outgoing; Wed, 19 Aug 1998 19:59:55 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from echonyc.com (echonyc.com [198.67.15.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA28238;
          Wed, 19 Aug 1998 19:59:52 -0700 (PDT)
          (envelope-from benedict@echonyc.com)
Received: from localhost (benedict@localhost)
	by echonyc.com (8.8.7/8.8.7) with SMTP id WAA27716;
	Wed, 19 Aug 1998 22:59:02 -0400 (EDT)
Date: Wed, 19 Aug 1998 22:59:02 -0400 (EDT)
From: Snob Art Genre <benedict@echonyc.com>
Reply-To: ben@rosengart.com
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
cc: Bill Fenner <fenner@parc.xerox.com>, freebsd-security@FreeBSD.ORG,
        freebsd-bugs@FreeBSD.ORG
Subject: Re: Gateway/firewall denial of service 
In-Reply-To: <199808192118.RAA07353@khavrinen.lcs.mit.edu>
Message-ID: <Pine.GSO.4.02.9808192257490.26430-100000@echonyc.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 19 Aug 1998, Garrett Wollman wrote:

> <<On Wed, 19 Aug 1998 12:56:24 PDT, Bill Fenner <fenner@parc.xerox.com> said:
> 
> > I think the proper fix is for arp to ignore ARP replies for an address
> > that the routing table routes to a different interface.
> 
> This seems reasonable.

Why not just ignore replies on interfaces other than the one the request
was sent on?  Is connecting to the same segment with more than one
interface supported, btw?


 Ben

"You have your mind on computers, it seems." 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message